Compliance Engineer - IT Privacy

Costco
Full-time
On-site
Issaquah, Washington, United States
$150,000 - $225,000 USD yearly
Engineer

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed.

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST.  Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. 

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. Compliance Engineers work cross-functionally to define and set guidance in response to emerging standards and legislation, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live, and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.

Costco is seeking a Compliance Engineer to join our IT Privacy team. This role is foundational to building a scalable, data-driven governance program that drives consistent control adoption, measurable maturity, and operational excellence across the enterprise.

This position will be focused on all aspects of Privacy that involve our Costco Wholesale Privacy posture, handling of PI data and how we are compliant with US State and International Privacy Laws. This individual will lead the development, institutionalization, and deployment of an integrated controls framework that addresses diverse regulatory privacy requirements in collaboration with internal stakeholders. This includes overseeing the design, collation, review, analysis, and communication of the privacy program’s progress against objectives, with a focus on transparency and accountability.


Key responsibilities also encompass managing data subject rights requests (DSRs), overseeing the privacy impact assessment (PIA) process—including the technical PIA component—maintaining and enhancing the record of processing activities (ROPA), and managing the digital tracker space for digital cookies. The role requires a strategic approach to ensure compliance, operational efficiency, and continuous improvement across all privacy workstreams, fostering a privacy-first culture throughout the organization. This position will be focused on all aspects of Privacy risk management and data with a particular emphasis on California Privacy Law, HIPAA, PII (domestic & international), GDPR and other industry or regulatory compliance that impact Costco and the Costco Mobile app. The ideal candidate has experience designing and managing data-driven processes in large enterprise environments and can translate complex compliance requirements into clear, repeatable workflows.

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

ROLE


● Designs, develops, and implements scalable automation solutions to support privacy workflows such as Data Subject Rights (DSR), Records of Processing Activities (ROPA), and Privacy Impact Assessments (PIA).


● Builds and enhances privacy control mechanisms, ensuring consistent application across global regions and compliance with international privacy regulations.
 

● Manages the full lifecycle of privacy initiatives, from requirements gathering and solution design to deployment, monitoring, and continuous improvement.


● Collaborates with cross-functional teams including legal, legal counsel, compliance, IT, and business units to ensure privacy controls are integrated into enterprise processes.
 

● Translates complex regulatory privacy requirements (GDPR, CCPA, HIPAA, COPPA, etc.) into clear, actionable, and repeatable technical controls and workflows.


● Develops and maintains privacy metrics, dashboards, and reports to communicate control health, compliance status, and risk levels to leadership.
 

● Supports the deployment and adoption of privacy tools and platforms globally (e.g., OneTrust, Transcend, Vault JS), ensuring system reliability, integration, and scalability.
 

● Leads evaluations and remediation of technical privacy controls, identifying gaps and implementing solutions to mitigate risks.


● Establishes and refines privacy governance processes, standards, and best practices aligned with global regulations and internal policies.


● Conducts regular assessments of privacy platform capabilities, identifying opportunities for automation, efficiency, and scalability.


● Facilitates privacy by design principles during new project development and system implementations.


● Provides technical expertise to internal teams and stakeholders on privacy controls, automation, and regulatory compliance.


● Mentors and guides internal privacy team members and other stakeholders to develop privacy engineering capabilities.


● Collaborates with audit and compliance teams to prepare for and support privacy audits, assessments, and regulatory reviews.


● Contributes to the development of privacy control frameworks, maturity models, and process documentation.


● Maintains awareness of evolving global privacy laws and industry best practices, incorporating updates into privacy engineering solutions.

REQUIRED

● 6+ years’ experience in privacy engineering, data protection, or a related role within large enterprise environments.
 

● Strong technical background with expertise in designing, building, and operationalizing automation and integration solutions supporting privacy workflows (e.g., PIA, ROPA, DSR, cookie compliance).
 

● Hands-on experience with privacy and compliance tools such as OneTrust, Transcend, Vault JS, or similar platforms.
 

● Deep understanding of global privacy regulations including GDPR, CCPA/CPRA, UK GDPR, and emerging international privacy laws (e.g., India DPDPA, Canada CPPA, EU AI Act).
 

● Experience in developing and maintaining privacy controls, data subject rights management, and privacy impact assessments, including technical components.
 

● Knowledge of data governance, data lifecycle management, and data classification practices.
 

● Familiarity with privacy by design principles, technical controls, and secure software development practices.
 

● Ability to translate complex legal and regulatory privacy requirements into scalable, technical solutions.
 

● Experience with data mapping, records of processing activities (ROPA), and privacy-related documentation.
 

● Strong analytical skills with the ability to assess risks, recommend controls, and monitor compliance metrics.
 

● Experience managing and improving privacy tooling infrastructure, ensuring system reliability, security, and alignment with enterprise architecture.
 

● Exceptional communication skills, capable of collaborating with global stakeholders, legal teams, IT, and business units.
 

● Proven ability to lead cross-functional initiatives, manage multiple priorities, and deliver results on time.
 

● Demonstrated commitment to continuous learning and staying updated on evolving privacy laws and best practices.
 

● Ability and willingness to travel internationally as required to support global privacy initiatives, stakeholder engagement, and compliance activities.
 

● Demonstrated ability to effectively collaborate across multiple time zones in an international environment, ensuring seamless communication and coordination with global stakeholders.
 

● 8-12+ years of directly related experience.

Recommended:


● Compliance and security certifications preferred (e.g., CIPP, CIPT, AIGP, CIPM, etc.).


● Ability to work with cross-business and cross-functional teams in a geographically distributed environment.


● Ability to work independently, as well as part of the team.


● Ability to conduct a gap analysis to identify control gaps and aid in solutioning and process creation.


● Ability to examine issues both strategically and analytically.


● Ability to work on multiple, simultaneous initiatives.


● Experience working with clients to provide advice, strategies, and solutions to address compliance challenges and goals.


● Bachelor’s degree in Computer Science, Information Security, Law, or a related field; advanced degrees or certifications (e.g., CIPP, CIPM, CISSP, CISA) preferred.
 

● Ability to research and present topics.
 

● Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

 

Required Documents

● Cover Letter

● Resume

 

California applicants, please click here to review the Costco Applicant Privacy Notice.

 

Pay Ranges: 

Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible

Level STF - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States. In some cases, applicants and employees for selected positions will not be sponsored for work authorization, including, but not limited to H1-B visas.

 
